dongzaliang4492 2014-09-05 14:58
浏览 14
已采纳

表单提交给PHP

I am trying to submit data from an HTML form to PHP to be saved into mysql database. I had previously done this and for some reason it cannot work, I must be missing something.

This is Register page

<form action="reg.php" method="POST">
        <table >
            <tr>
                <td>Email :</td>
                <td><input name="Email" type="text" /></td>
            </tr>
            <tr>
                <td>Password :</td>
                <td><input name="Password" type="password" /></td>
            </tr>
            <tr>
                <td> </td>
                <td><input type="submit" name="submit" value="Submit"> </td>
            </tr>


        </table>
    </form>

This is the reg.php

<?php

include_once("db.php");

$SQL = "INSERT INTO  users  (Email, Password  ) VALUES ('".$_GET["Email"]."','". $_GET['Password'] ."' )";     

mysql_query($SQL);
error_reporting(E_ALL);
?>

And this is the db.php

<?php

$MyUsername = "root";   
$MyPassword = "";   
$MyHostname = "localhost";      

$dbh = mysql_pconnect($MyHostname , $MyUsername, $MyPassword);
$selected = mysql_select_db("dbName",$dbh);
?>

If I run

localhost/reg.php?Email=email@gmail.com&Password=123456

It does work and those values are shown in the database, I must be missing something in the register page.

It could be a stupid mistake as Im new to PHP.

Thanks in advance

  • 写回答

3条回答 默认 最新

  • douchen9855 2014-09-05 15:01
    关注

    You need to be using $_POST instead of $_GET

    .$_GET["Email"]."','". $_GET['Password'] ."' )";

    should be

    .$_POST["Email"]."','". $_POST['Password'] ."' )";

    When you type the URL in, that is a GET request which is why it works. You should really POST a form, because a GET will transmit the variables in the query string, and be visible. A password field is still plain text when it's transmitted.

    Also, as has been mentioned, you're using deprecated methods for talking to the database and you're leaving yourself prone to SQL injection. Take a look at PDO http://php.net/manual/en/book.pdo.php

    Use mysqli with prepared statements, or PDO with prepared statements

    Also consider using CRYPT_BLOWFISH or PHP 5.5's password_hash() function for password storage.

    For PHP < 5.5 use the password_hash() compatibility pack.

    Storing what seems to be done in plain text, is not safe.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥20 cad图纸,chx-3六轴码垛机器人
  • ¥15 移动摄像头专网需要解vlan
  • ¥20 access多表提取相同字段数据并合并
  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算
  • ¥15 powerbuilder中的datawindow数据整合到新的DataWindow
  • ¥20 有人知道这种图怎么画吗?
  • ¥15 pyqt6如何引用qrc文件加载里面的的资源
  • ¥15 安卓JNI项目使用lua上的问题
  • ¥20 RL+GNN解决人员排班问题时梯度消失